Emotet Trojan Spreads QakBot Malware via Spam Campaign

On July 21, 2020, the Emotet botnet was identified delivering the QakBot banking trojan as a part of a new spam campaign to target users worldwide. This campaign was previously observed distributing the Trickbot trojan by security researchers on July 17, 2020. In this spam campaign, a security researcher, who goes by the moniker “Cryptolaemus,” identified that the threat actors replaced the TrickBot trojan distribution across all Emotet epochs. The Emotet epoch is a subgroup of the botnet that runs on distinct infrastructure. At the time of writing, researchers have identified three epoch’s, with each of them having separate command and control servers, distribution methods, and payloads. Another security researcher, who goes by the moniker “Bom,” analyzed the Emotet malware sample by using the “any.run” interactive analysis tool and was able to confirm that the Emotet trojan contains a QakBot malware. It was identified that the string for identifying this QakBot campaign is “partner01,” which suggests a strong connection between Emotet trojan and the threat actors behind this campaign.

Nuspire recommends the following measures to help mitigate against the aforementioned campaign.

– Maintain up-to-date antivirus signatures and engines

– Use reputable next-gen antivirus solutions

– Verify the URL of the website before clicking a link sent via email

– Keep operating system patches up-to-date

– Learn about different phishing and social engineering techniques and how to best avoid them